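def home():
    """Render the home page for a logged-in user, otherwise redirect to login.

    On each visit, every permission name returned by
    ``read_user_permissions()`` is stored in the session as a ``True`` flag.
    """
    # Use .get(): a session that has no 'logged_in' key at all (first visit,
    # cleared cookie) must be treated as logged out instead of raising
    # KeyError before the redirect is reached.
    if not session.get('logged_in'):
        return redirect(url_for('login'))

    for permission in read_user_permissions():
        session[permission] = True
    # NOTE(review): flags are only ever added here, never removed, so a
    # permission revoked after login stays set in this session. Confirm that
    # logout/login is the intended way to drop revoked permissions.
    return render_template('home.html')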
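def modify_role():
    """Handle the role form: delete a role or replace its permission set.

    Access requires a logged-in session holding 'Read roles' or 'Edit roles';
    anything else is flagged in the session and redirected to login.
    The 'delete' and 'save' actions change data, so they additionally require
    'Edit roles'. Every permitted request ends with a redirect to the role
    list.

    Form fields read: 'submit' ('delete' or 'save'), 'roleid', and for 'save'
    also 'rolename' and the multi-valued 'rolepermissions'.
    """
    # .get(): a session without the key is simply not logged in.
    logged_in = session.get('logged_in')
    can_read = 'Read roles' in session
    can_edit = 'Edit roles' in session
    if not (logged_in and (can_read or can_edit)):
        session['no-access'] = True
        session['tried'] = 'Roles'
        return redirect(url_for('login'))

    action = request.form['submit']

    # 'Read roles' alone must not be enough to delete or rewrite a role.
    if action in ('delete', 'save') and not can_edit:
        msg = (str(datetime.datetime.now()) + ': Denied role ' + action
               + ' by ' + current_user.email)
        app.logger.warning(msg)
        session['no-access'] = True
        session['tried'] = 'Roles'
        return redirect(url_for('login'))

    if action == 'delete':
        role_id = request.form['roleid']
        q_session = Session()
        try:
            # Retrieve the role name for logging
            role = q_session.query(Roles).filter_by(id=role_id).first()
            # An unknown or already deleted id is ignored instead of failing
            # on role.name.
            if role is not None:
                rolename = role.name
                # Delete the role
                q_session.query(Roles).filter_by(id=role_id).delete()
                # delete permissions associated with the role
                q_session.query(RolesPermissions).filter(
                    RolesPermissions.role_id == role_id
                ).delete()
                # delete user role map for the said role
                q_session.query(UserRoles).filter(
                    UserRoles.user_role_id == role_id
                ).delete()
                q_session.commit()
                msg = (str(datetime.datetime.now()) + ': Deleted role '
                       + rolename + ' by ' + current_user.email)
                app.logger.info(msg)
        finally:
            # Always release the DB session, also when a query raises.
            q_session.close()
        # The deleted role may have granted permissions to the current user.
        _sync_session_permissions()

    elif action == 'save':
        role_id = request.form['roleid']
        # NOTE(review): rolename is taken from the form and used only in the
        # log line; it is not checked against the stored role name.
        rolename = request.form['rolename']
        permissionslist = request.form.getlist('rolepermissions')
        q_session = Session()
        try:
            # Replace the permission set in ONE transaction, so a failure
            # cannot leave the role committed with no permissions at all.
            q_session.query(RolesPermissions).filter(
                RolesPermissions.role_id == role_id
            ).delete()
            for permission in permissionslist:
                q_session.add(
                    RolesPermissions(role_id=role_id, permissions_id=permission)
                )
            q_session.commit()
        finally:
            q_session.close()
        # Refresh the session from what the current user really holds.
        # Copying the submitted permission list into the session would hand
        # the editor every permission of any role they save, whether or not
        # they are a member of that role.
        _sync_session_permissions()
        msg = (str(datetime.datetime.now()) + ': Modified role '
               + rolename + ' by ' + current_user.email)
        app.logger.info(msg)

    return redirect(url_for('.list_roles'))


def _sync_session_permissions():
    """Make the session's permission flags match the current user's permissions.

    Assumes read_user_permissions() returns the current user's permission
    names as stored now, and all_permission_names() every permission name in
    the system; both are defined elsewhere, so confirm.
    """
    granted = set(read_user_permissions())
    # Drop every known permission the user no longer holds ...
    for name in set(all_permission_names()) - granted:
        session.pop(name, None)
    # ... and set the ones they do hold.
    for name in granted:
        session[name] = True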